def scanOneRange(self,startip,endip):
ip_list = []
tmp_list = []
domain_list = []
#数据库记录
db = DBHelper()
sql = "insert into job_status (status,path) values(%d,%s)" % (0,file_name)
db.execute_ddl_sql('safe_jobs',sql)
myscanner = Scanner()
ip_reverse = IPReverse()
ip_list = myscanner.WebScanner(startip,endip)
for x in ip_list:
tmp_list = ip_reverse.getDomainsList(x)
if tmp_list == None:
continue
domain_list.extend(tmp_list)
content = ''
for url in domain_list:
res = self.exp.exploit(url)
if not res:
record = 'Exploit Failed:Unknown'
content += record
else:
record = 'Exploit Success:%s\t\t%s' % (url,str(res))
content += record
self.file.write(record)
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safe_jobs",sql)
self.file.close()
def scanAll(self):
global file_name
#数据库记录
db = DBHelper()
sql = "insert into job_status (status,path) values(%d,%s)" % (0,file_name)
db.execute_ddl_sql('safe_jobs',sql)
#获取全部的域名列表
domain_list = []
query = {
'query':{
'match_all':{}
},
'_source':['domain']
}
res = self.es.search(body=query,index='safecat',doc_type='hostcrawler',size=1000000)
for x in res['hits']['hits']:
domain_list.append(x['_source']['domain'])
#开始载入exp扫描并写入记录文件
print '[+]Start scanning in mode all,please wait...'
content = ''
for url in domain_list:
res = self.exp.exploit(url)
if not res:
record = '%s\t\t\tFailed\n' % url
content += record
else:
record = '%s\t\t\t%s\n' % (url,str(res))
content += record
self.file.write(record)
#任务完成,写入数据库
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safe_jobs",sql)
self.file.close()
def scanByQuery(self,query):
content = ''
#数据库记录
db = DBHelper()
sql = "insert into job_status (status,path) values(%s,'%s')" % ('0',file_name)
db.execute_ddl_sql('safecat_jobs',sql)
#生成报告头
self.exp_list = self.loadExploit()
self.file.write('domain\t\t\tattack_results\n')
query_dsl = self.queryParser(query)
query_res = self.es.search(body=query_dsl,index='safecat',doc_type='hostcrawler',size=100000)
domain_list = [ x['_source']['domain'] for x in query_res['hits']['hits'] ]
for target in domain_list:
target = self.httptools.get_standard_url(target)
print '[+]TargetHOST:%s' % target
for obj in self.exp_list:
res = obj.exploit(target)
if not res:
record = '%s\t\t\tFailed\n' % target
content += record
print record
else:
record = '%s\t\t\t%s\n' % (target,res)
content += record
print record
self.file.write(record)
content = content.replace('\n',' ')
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safecat_jobs",sql)
self.file.close()
def scanOneHost(self,target):
#数据库记录
content = ''
db = DBHelper()
sql = "insert into job_status (status,path) values(%s,'%s')" % ('0',file_name)
db.execute_ddl_sql('safecat_jobs',sql)
print '[+]Start scanning in mode single...'
res = self.exp.exploit(target)
if not res:
print '%s Exploit Failed:Unknown' % domain
content += '%s\tExploit\tFailed:Unknown' % domain
else:
print 'Exploit Success:%s\t\t%s' % (x,str(res))
content = '%sExploit\tSuccess:%s\t\t%s' % (domain,x,str(res))
content = content.replace('\n',' ')
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safecat_jobs",sql)
def scanByDomain(self,domain):
#数据库记录
content = ''
db = DBHelper()
sql = "insert into job_status (status) values(%s)" % '0'
db.execute_ddl_sql('safecat_jobs',sql)
self.exp_list = self.loadExploit()
self.file.write('domain\t\tattack_results')
domain = self.httptools.get_standard_url(domain)
for obj in self.exp_list:
res = obj.exploit(domain)
if not res:
print '%s Exploit Failed:Unknown' % domain
content += '%s\tExploit\tFailed:Unknown' % domain
else:
print 'Exploit Success:%s\t\t%s' % (x,str(res))
content = '%sExploit\tSuccess:%s\t\t%s' % (domain,x,str(res))
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % ('1',content)
print sql
db.execute_ddl_sql("safecat_jobs",sql)
def scanByQuery(self, query):
content = ''
#数据库记录
db = DBHelper()
sql = "insert into job_status (status,path) values(%s,'%s')" % (
'0', file_name)
db.execute_ddl_sql('safecat_jobs', sql)
#生成报告头
self.exp_list = self.loadExploit()
self.file.write('domain\t\t\tattack_results\n')
query_dsl = self.queryParser(query)
query_res = self.es.search(body=query_dsl,
index='safecat',
doc_type='hostcrawler',
size=100000)
domain_list = [
x['_source']['domain'] for x in query_res['hits']['hits']
]
for target in domain_list:
target = self.httptools.get_standard_url(target)
print '[+]TargetHOST:%s' % target
for obj in self.exp_list:
res = obj.exploit(target)
if not res:
record = '%s\t\t\tFailed\n' % target
content += record
print record
else:
record = '%s\t\t\t%s\n' % (target, res)
content += record
print record
self.file.write(record)
content = content.replace('\n', ' ')
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % (
'1', content)
print sql
db.execute_ddl_sql("safecat_jobs", sql)
self.file.close()
def scanByDomain(self, domain):
#数据库记录
content = ''
db = DBHelper()
sql = "insert into job_status (status) values(%s)" % '0'
db.execute_ddl_sql('safecat_jobs', sql)
self.exp_list = self.loadExploit()
self.file.write('domain\t\tattack_results')
domain = self.httptools.get_standard_url(domain)
for obj in self.exp_list:
res = obj.exploit(domain)
if not res:
print '%s Exploit Failed:Unknown' % domain
content += '%s\tExploit\tFailed:Unknown' % domain
else:
print 'Exploit Success:%s\t\t%s' % (x, str(res))
content = '%sExploit\tSuccess:%s\t\t%s' % (domain, x, str(res))
sql = '''update job_status set status=%s,content='%s' where id=(select tmp.id from (select id from job_status order by id desc limit 1)tmp)''' % (
'1', content)
print sql
db.execute_ddl_sql("safecat_jobs", sql)
